User login
Qlustar: Install and enjoy!

[QSA-00117181] Linux kernel vulnerability

Qlustar Security Advisory 0117181

January 17th, 2018


Summary:

The system could crash or be made to run programs as an administrator. This update includes a fix for the dangerous Meltdown vulnerability. You're urged to upgrade your systems as soon as possible.


    Package(s)       : linux-image-ql-generic,
                       qlustar-module-core-trusty-amd64-9.2.0
    Qlustar releases : 9.2
    Affected versions: All versions prior to this update
    Vulnerability    : privilege escalation/denial of service
    Problem type     : local
    Qlustar-specific : no
    CVE Id(s)        : CVE-2017-5754
  

A vulnerability has been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problem(s):

CVE-2017-5754

Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via side-channel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory.

Update instructions:

The problem can be corrected by updating your system to the following or more recent package versions (follow the Qlustar Update Instructions):

    linux-image-ql-generic                     4.9.76-ql-generic-10.0-10
    qlustar-module-core-trusty-amd64-9.2.0     9.2.0.3-b479f1115
  
glqxz9283 sfy39587stf02 mnesdcuix8
sfy39587stf03
sfy39587p08